IoT Botnet Used for Site Hacks

The problems caused by unsecured IoT devices keep coming and coming, and there seems to be no end in sight, at the very least not until the industry starts taking security seriously. A new botnet of Linux-based IoT devices is now being used to hack websites.

According to security researchers from Doctor Web, the new malware is called Linux.ProxyM and has been around since February. Before this new campaign, the botnet was used mostly in spam campaigns. Each infected device generated around 400 messages per day back in September.

Soon, spam turned into phishing messages, with the emails posing as coming from DocuSign, a service that allows users to download, view, sign, or track the status of electronic documents. The emails contained a link to a fake DocuSign website that tried to trick users into entering their credentials. Once they filled in their data, they were redirected to the real DocuSign authorization page, but the login details had already been picked up by the attackers.

Once this phase was done, the attackers started using the botnet to hack websites through a myriad of methods, including Cross-Site Scripting and SQL injection. The targets have included game servers, forums, and Russian websites.

According to Doctor Web, the malware has been targeting devices with the following architectures: x86, MIPS, MIPSEL, PowerPC, ARM, SuperH, Motorola 68000, and SPARC, which covers pretty much any Linux device, including set-top boxes, routers, and other equipment.

Botnets, a widespread phenomenon

The new development shows Internet of Things devices are increasingly popular with hackers. Botnets formed of such devices aren’t new, and they’ve been used many times over the years for various types of attacks, including DDoS. Many cybersecurity experts have sounded the alarm over the years about the issues raised by the poor security built into these devices. Many of them can’t be updated at all, others can’t be secured beyond the default settings, while others are plain open to anyone. There was even a white hat hacker a few months back who infected some 300,000 IoT devices with specially designed malware that closed down the ports that are frequently used by hackers to take control of the devices, saying the only role of the malware was to increase their security.

Bruce Schneier has repeated numerous times over the past few years that unless the IoT industry starts taking security issues seriously, the world’s governments will step in and do what needs to be done to protect consumers.

Several European countries have already taken steps this holiday season to ban the sale of several connected toys that are known to have severe security issues, like the Cayla doll which exposed children’s conversations.